diff options
-rw-r--r-- | Makefile | 52 | ||||
-rw-r--r-- | daemon.c | 41 | ||||
-rw-r--r-- | hal_internal.h | 28 | ||||
-rw-r--r-- | rpc_client_daemon.c | 6 | ||||
-rw-r--r-- | rpc_client_serial.c | 9 | ||||
-rw-r--r-- | rpc_serial.c | 43 | ||||
-rw-r--r-- | rpc_server.c | 3 | ||||
-rw-r--r-- | serial_internal.h | 43 | ||||
-rw-r--r-- | slip_internal.h | 3 |
9 files changed, 108 insertions, 120 deletions
@@ -41,10 +41,10 @@ LIB = libhal.a USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_MODE=none|server|client-simple|client-mixed] [KS=volatile|mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes]" -IO_BUS ?= eim +IO_BUS ?= none KS ?= volatile RPC_MODE ?= none -RPC_TRANSPORT ?= serial +RPC_TRANSPORT ?= none MODEXP_CORE ?= no ifeq (,$(and \ @@ -72,7 +72,8 @@ endif # makefile, so the working definition of "always want" is sometimes # just "building this is harmless even if we don't use it." -OBJ = errorstrings.o hash.o asn1.o ecdsa.o rsa.o ${KS_OBJ} +OBJ += errorstrings.o hash.o asn1.o ecdsa.o rsa.o ${KS_OBJ} xdr.o slip.o +OBJ += rpc_api.o rpc_hash.o rpc_misc.o rpc_pkey.o rpc_client.o rpc_server.o # Object files to build when we're on a platform with direct access # to our hardware (Verilog) cores. @@ -128,7 +129,7 @@ endif # client-mixed: Like client-simple but do hashing locally in software and # support a local keystore (for PKCS #11 public keys, etc) # -# RPC_TRANSPORT = loopback | serial | daemon +# RPC_TRANSPORT = none | loopback | serial | daemon # loopback: Communicate over loopback socket on Novena # serial: Communicate over USB in serial pass-through mode # daemon: Communicate over USB via a daemon, to arbitrate multiple clients @@ -138,45 +139,35 @@ endif # the C preprocessor: we can use symbolic names so long as they're defined as macros # in the C code, but we can't use things like C enum symbols. -ifneq "${RPC_MODE}" "none" - OBJ += rpc_api.o xdr.o +ifneq "${RPC_MODE}" "server" + OBJ += rpc_serial.o endif -ifeq "${RPC_MODE}" "server" - OBJ += slip.o -else ifeq "${RPC_TRANSPORT}" "serial" - OBJ += slip.o rpc_serial.o -endif - -RPC_CLIENT_OBJ = rpc_client.o ifeq "${RPC_TRANSPORT}" "loopback" - RPC_CLIENT_OBJ += rpc_client_loopback.o + RPC_CLIENT_OBJ = rpc_client_loopback.o else ifeq "${RPC_TRANSPORT}" "serial" - RPC_CLIENT_OBJ += rpc_client_serial.o + RPC_CLIENT_OBJ = rpc_client_serial.o else ifeq "${RPC_TRANSPORT}" "daemon" - RPC_CLIENT_OBJ += rpc_client_daemon.o + RPC_CLIENT_OBJ = rpc_client_daemon.o endif -RPC_DISPATCH_OBJ = rpc_hash.o rpc_misc.o rpc_pkey.o - -RPC_SERVER_OBJ = rpc_server.o ifeq "${RPC_TRANSPORT}" "loopback" - RPC_SERVER_OBJ += rpc_server_loopback.o + RPC_SERVER_OBJ = rpc_server_loopback.o else ifeq "${RPC_TRANSPORT}" "serial" - RPC_SERVER_OBJ += rpc_server_serial.o + RPC_SERVER_OBJ = rpc_server_serial.o endif ifeq "${RPC_MODE}" "none" OBJ += ${CORE_OBJ} CFLAGS += -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE} else ifeq "${RPC_MODE}" "server" - OBJ += ${CORE_OBJ} ${RPC_SERVER_OBJ} ${RPC_DISPATCH_OBJ} + OBJ += ${CORE_OBJ} ${RPC_SERVER_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_LOCAL -DHAL_RSA_USE_MODEXP=${RSA_USE_MODEXP_CORE} else ifeq "${RPC_MODE}" "client-simple" OBJ += ${RPC_CLIENT_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_REMOTE -DHAL_RSA_USE_MODEXP=0 else ifeq "${RPC_MODE}" "client-mixed" - OBJ += ${RPC_CLIENT_OBJ} ${RPC_DISPATCH_OBJ} + OBJ += ${RPC_CLIENT_OBJ} CFLAGS += -DRPC_CLIENT=RPC_CLIENT_MIXED -DHAL_RSA_USE_MODEXP=0 KS = volatile endif @@ -207,18 +198,21 @@ all: ${LIB} cd utils; ${MAKE} $@ client: - ${MAKE} RPC_MODE=client-simple + ${MAKE} RPC_MODE=client-simple RPC_TRANSPORT=daemon mixed: - ${MAKE} RPC_MODE=client-mixed + ${MAKE} RPC_MODE=client-mixed RPC_TRANSPORT=daemon server: - ${MAKE} RPC_MODE=server + ${MAKE} RPC_MODE=server RPC_TRANSPORT=serial IO_BUS=fmc -daemon: cryptech_rpcd - ${MAKE} RPC_MODE=client-mixed RPC_TRANSPORT=daemon +serial: + ${MAKE} RPC_MODE=client-mixed RPC_TRANSPORT=serial + +daemon: + ${MAKE} RPC_MODE=client-mixed RPC_TRANSPORT=daemon ${LIB} cryptech_rpcd -cryptech_rpcd: daemon.o slip.o rpc_serial.o xdr.o +cryptech_rpcd: daemon.o ${LIB} ${CC} ${CFLAGS} -o $@ $^ ${LDFLAGS} ${OBJ}: ${INC} @@ -42,6 +42,7 @@ #include <getopt.h> /* required with -std=c99 */ #include <termios.h> /* for default speed */ +#include "hal_internal.h" #include "slip_internal.h" #include "xdr_internal.h" @@ -99,32 +100,13 @@ static void poll_remove(int fd) /* if it's not found, return without an error */ } -#ifndef MAX_PKT_SIZE /* move this to hal_internal.h */ -#define MAX_PKT_SIZE 4096 -#endif - typedef struct { size_t len; - uint8_t buf[MAX_PKT_SIZE]; + uint8_t buf[HAL_RPC_MAX_PKT_SIZE]; } rpc_buffer_t; static rpc_buffer_t ibuf, obuf; -#ifndef DEVICE -#define DEVICE "/dev/ttyUSB0" -#endif - -#ifndef SPEED -#define SPEED B921600 -#endif - -#ifndef B921600 -#define B921600 921600 -#endif - -#ifndef SOCKET_NAME -#define SOCKET_NAME "/tmp/cryptechd.socket" -#endif -char *socket_name = SOCKET_NAME; +const char *socket_name = HAL_CLIENT_DAEMON_DEFAULT_SOCKET_NAME; /* Set up an atexit handler to remove the filesystem entry for the unix domain * socket. This will trigger on error exits, but not on the "normal" SIGKILL. @@ -151,8 +133,8 @@ int main(int argc, char *argv[]) int lsock; int dsock; int opt; - char *device = DEVICE; - speed_t speed = SPEED; + const char *device = HAL_CLIENT_SERIAL_DEFAULT_DEVICE; + uint32_t speed = HAL_CLIENT_SERIAL_DEFAULT_SPEED; while ((opt = getopt(argc, argv, "hn:d:s:")) != -1) { switch (opt) { @@ -168,10 +150,7 @@ int main(int argc, char *argv[]) case 's': switch (atoi(optarg)) { case 115200: - speed = B115200; - break; case 921600: - speed = B921600; break; default: printf("invalid speed value %s\n", optarg); @@ -218,11 +197,13 @@ int main(int argc, char *argv[]) */ memset(&name, 0, sizeof(struct sockaddr_un)); - /* Bind the listening socket. + /* Bind the listening socket. On some platforms, we have to pass the "real" + * (number of bytes in use) length of the sockaddr_un to get the name bound + * correctly, so use the SUN_LEN() macro to calculate that. */ name.sun_family = AF_UNIX; strncpy(name.sun_path, socket_name, sizeof(name.sun_path) - 1); - ret = bind(lsock, (const struct sockaddr *) &name, sizeof(struct sockaddr_un)); + ret = bind(lsock, (const struct sockaddr *) &name, SUN_LEN(&name)); if (ret == -1) { perror("bind"); exit(EXIT_FAILURE); @@ -290,9 +271,9 @@ int main(int argc, char *argv[]) /* client data socket */ else { - const uint8_t * const limit = obuf.buf + MAX_PKT_SIZE; + const uint8_t * const limit = obuf.buf + HAL_RPC_MAX_PKT_SIZE; /* Get the client's rpc request packet. */ - obuf.len = recv(pollfds[i].fd, obuf.buf, MAX_PKT_SIZE, 0); + obuf.len = recv(pollfds[i].fd, obuf.buf, HAL_RPC_MAX_PKT_SIZE, 0); #ifdef DEBUG printf("data socket %d received request:\n", pollfds[i].fd); hexdump(obuf.buf, obuf.len); diff --git a/hal_internal.h b/hal_internal.h index e238bcf..7a97a87 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -450,6 +450,34 @@ typedef enum { #define RPC_CLIENT_MIXED 2 #define RPC_CLIENT_NONE 3 +/* + * Maximum size of a HAL RPC packet. + */ + +#ifndef HAL_RPC_MAX_PKT_SIZE +#define HAL_RPC_MAX_PKT_SIZE 4096 +#endif + +/* + * Location of AF_UNIX socket for RPC client mux daemon. + */ + +#ifndef HAL_CLIENT_DAEMON_DEFAULT_SOCKET_NAME +#define HAL_CLIENT_DAEMON_DEFAULT_SOCKET_NAME "/tmp/cryptech_rpcd.socket" +#endif + +/* + * Default device name and line speed for HAL RPC serial connection to HSM. + */ + +#ifndef HAL_CLIENT_SERIAL_DEFAULT_DEVICE +#define HAL_CLIENT_SERIAL_DEFAULT_DEVICE "/dev/ttyUSB0" +#endif + +#ifndef HAL_CLIENT_SERIAL_DEFAULT_SPEED +#define HAL_CLIENT_SERIAL_DEFAULT_SPEED 921600 +#endif + #endif /* _HAL_INTERNAL_H_ */ /* diff --git a/rpc_client_daemon.c b/rpc_client_daemon.c index f328302..dea352f 100644 --- a/rpc_client_daemon.c +++ b/rpc_client_daemon.c @@ -41,10 +41,6 @@ #include "hal.h" #include "hal_internal.h" -#ifndef SOCKET_NAME -#define SOCKET_NAME "/tmp/cryptechd.socket" -#endif - static int sock = -1; hal_error_t hal_rpc_client_transport_init(void) @@ -57,7 +53,7 @@ hal_error_t hal_rpc_client_transport_init(void) return perror("socket"), HAL_ERROR_RPC_TRANSPORT; memset(&name, 0, sizeof(struct sockaddr_un)); name.sun_family = AF_UNIX; - strncpy(name.sun_path, SOCKET_NAME, sizeof(name.sun_path) - 1); + strncpy(name.sun_path, HAL_CLIENT_DAEMON_DEFAULT_SOCKET_NAME, sizeof(name.sun_path) - 1); ret = connect(sock, (const struct sockaddr *) &name, sizeof(struct sockaddr_un)); if (ret == -1) return perror("connect"), HAL_ERROR_RPC_TRANSPORT; diff --git a/rpc_client_serial.c b/rpc_client_serial.c index b27c255..149998e 100644 --- a/rpc_client_serial.c +++ b/rpc_client_serial.c @@ -33,6 +33,7 @@ */ #include <stdio.h> +#include <stdlib.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> @@ -44,15 +45,9 @@ #include "hal_internal.h" #include "slip_internal.h" -/* XXX These REALLY ought to be passed from the client app command line, - * rather than compiled into the library. - */ -#define DEVICE "/dev/ttyUSB1" -#define SPEED B921600 - hal_error_t hal_rpc_client_transport_init(void) { - return hal_serial_init(DEVICE, SPEED); + return hal_serial_init(HAL_CLIENT_SERIAL_DEFAULT_DEVICE, HAL_CLIENT_SERIAL_DEFAULT_SPEED); } hal_error_t hal_rpc_client_transport_close(void) diff --git a/rpc_serial.c b/rpc_serial.c index dc5821f..98a1d20 100644 --- a/rpc_serial.c +++ b/rpc_serial.c @@ -44,12 +44,28 @@ #include "hal_internal.h" #include "slip_internal.h" +/* + * Not thrilled about having OS-specific conditionals, but as such things + * go, this seems relatively safe: gcc and clang both define it on Mac OS X, + * and anything *not* on Mac OS X which defines it is begging for trouble. + */ + +#ifndef HAL_RPC_SERIAL_USE_MACOSX_IOCTL +#define HAL_RPC_SERIAL_USE_MACOSX_IOCTL (defined(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__)) +#endif + +#if HAL_RPC_SERIAL_USE_MACOSX_IOCTL +#include <IOKit/serial/ioss.h> +#include <sys/ioctl.h> +#endif + static int fd = -1; -hal_error_t hal_serial_init(const char * const device, const speed_t speed) +hal_error_t hal_serial_init(const char * const device, const uint32_t speed) { struct termios tty; - + speed_t termios_speed; + fd = open(device, O_RDWR | O_NOCTTY | O_SYNC); if (fd == -1) { fprintf(stderr, "open %s: ", device); @@ -59,9 +75,32 @@ hal_error_t hal_serial_init(const char * const device, const speed_t speed) if (tcgetattr (fd, &tty) != 0) return perror("tcgetattr"), HAL_ERROR_RPC_TRANSPORT; +#if HAL_RPC_SERIAL_USE_MACOSX_IOCTL + + termios_speed = speed; + + if (ioctl(fd, IOSSIOSPEED, &speed) < 0) + return perror("ioctl()"), HAL_ERROR_RPC_TRANSPORT; + +#else + + switch (speed) { + case 115200: + termios_speed = B115200; + break; + case 921600: + termios_speed = B921600; + break; + default: + fprintf(stderr, "invalid line speed %lu\n", (unsigned long) speed); + return HAL_ERROR_RPC_TRANSPORT; + } + cfsetospeed (&tty, speed); cfsetispeed (&tty, speed); +#endif + tty.c_cflag &= ~CSIZE; tty.c_cflag |= (CS8 | CLOCAL | CREAD); diff --git a/rpc_server.c b/rpc_server.c index 9089aea..7b06780 100644 --- a/rpc_server.c +++ b/rpc_server.c @@ -755,10 +755,9 @@ void hal_rpc_server_dispatch(const uint8_t * const ibuf, const size_t ilen, hal_xdr_encode_int(&optr, olimit, ret); } -#define MAX_PKT_SIZE 4096 #define interrupt 0 -static uint8_t inbuf[MAX_PKT_SIZE], outbuf[MAX_PKT_SIZE]; +static uint8_t inbuf[HAL_RPC_MAX_PKT_SIZE], outbuf[HAL_RPC_MAX_PKT_SIZE]; void hal_rpc_server_main(void) { diff --git a/serial_internal.h b/serial_internal.h deleted file mode 100644 index abf2259..0000000 --- a/serial_internal.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * serial_internal.c - * ----------------- - * Low-level serial transport functions. - * - * Copyright (c) 2016, NORDUnet A/S All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are - * met: - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * - Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * - Neither the name of the NORDUnet nor the names of its contributors may - * be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS - * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _HAL_SERIAL_INTERNAL_H -#define _HAL_SERIAL_INTERNAL_H - -hal_error_t hal_serial_init(const char * const device, const speed_t speed, int * const fdp); -hal_error_t hal_serial_close(void); -int hal_serial_send_char(const uint8_t c); -int hal_serial_recv_char(uint8_t * const c); - -#endif /* _HAL_SERIAL_INTERNAL_H */ diff --git a/slip_internal.h b/slip_internal.h index e3b7af0..4c36c31 100644 --- a/slip_internal.h +++ b/slip_internal.h @@ -50,8 +50,7 @@ extern hal_error_t hal_serial_send_char(const uint8_t c); extern hal_error_t hal_serial_recv_char(uint8_t * const c); #ifndef STM32F4XX -#include <termios.h> /* speed_t */ -extern hal_error_t hal_serial_init(const char * const device, const speed_t speed); +extern hal_error_t hal_serial_init(const char * const device, const uint32_t speed); extern hal_error_t hal_serial_close(void); extern int hal_serial_get_fd(void); #endif |